VYPR
Moderate severity · NVD Advisory · Published Sep 14, 2023 · Updated Sep 26, 2024

Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption

CVE-2023-4680

Description

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
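The weakness described above is that the encrypt endpoint honoured a caller-supplied nonce for a key whose convergent mode was off, so a caller could force the same nonce to be used twice under one AES-GCM key. The following Go code is an added illustration of the defensive check, not Vault's own code or its actual fix: a caller-supplied nonce is accepted only when the key is convergent, and otherwise a fresh random nonce is always generated server-side. The EncryptRequest struct, selectNonce, Encrypt and Decrypt are hypothetical names chosen for this example; the key and plaintexts in main are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// EncryptRequest models the request fields that matter for this check
// (hypothetical struct, not Vault's API type).
type EncryptRequest struct {
	Plaintext  []byte
	Nonce      []byte // nonce supplied by the caller, if any
	Convergent bool   // key was created with convergent encryption enabled
}

// ErrNonceNotAllowed is returned when a caller supplies a nonce for a
// non-convergent key; honouring it would let the caller force nonce reuse.
var ErrNonceNotAllowed = errors.New("nonce may only be supplied when convergent encryption is enabled")

// selectNonce applies the defensive rule: a caller-supplied nonce is used
// only for convergent keys; otherwise the server generates a random nonce.
func selectNonce(req EncryptRequest, nonceSize int) ([]byte, error) {
	if len(req.Nonce) > 0 {
		if !req.Convergent {
			return nil, ErrNonceNotAllowed
		}
		if len(req.Nonce) != nonceSize {
			return nil, fmt.Errorf("nonce must be %d bytes, got %d", nonceSize, len(req.Nonce))
		}
		return req.Nonce, nil
	}
	nonce := make([]byte, nonceSize)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// Encrypt seals req.Plaintext with AES-256-GCM and returns nonce || ciphertext.
func Encrypt(key []byte, req EncryptRequest) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce, err := selectNonce(req, aead.NonceSize())
	if err != nil {
		return nil, err
	}
	sealed := aead.Seal(nil, nonce, req.Plaintext, nil)
	// Copy into a fresh buffer so a caller-owned nonce slice is never appended to in place.
	out := make([]byte, 0, len(nonce)+len(sealed))
	out = append(out, nonce...)
	return append(out, sealed...), nil
}

// Decrypt reverses Encrypt, expecting the nonce || ciphertext layout.
func Decrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(data) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := data[:aead.NonceSize()], data[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	key := make([]byte, 32) // constructed sample key, all zero bytes; never do this in production
	fixedNonce := make([]byte, 12)

	// Non-convergent key with a caller-supplied nonce: rejected.
	_, err := Encrypt(key, EncryptRequest{Plaintext: []byte("secret"), Nonce: fixedNonce})
	fmt.Println("non-convergent + caller nonce:", err)

	// Non-convergent key without a nonce: server picks a random one, so repeated
	// encryptions of the same plaintext differ.
	c1, _ := Encrypt(key, EncryptRequest{Plaintext: []byte("secret")})
	c2, _ := Encrypt(key, EncryptRequest{Plaintext: []byte("secret")})
	fmt.Printf("random nonces differ: %v\n", string(c1) != string(c2))

	pt, _ := Decrypt(key, c1)
	fmt.Println("round trip:", string(pt))
}
```

The essential property is that the decision about the nonce is made by the server from the key's own configuration, never from the request alone; the error path for a supplied nonce on a non-convergent key is also a useful audit signal, since legitimate clients of such keys have no reason to send one.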

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                      Ecosystem   Affected versions       Patched version
github.com/hashicorp/vault   Go          >= 1.6.0, < 1.12.11     1.12.11
github.com/hashicorp/vault   Go          >= 1.13.0, < 1.13.7     1.13.7
github.com/hashicorp/vault   Go          >= 1.14.0, < 1.14.3     1.14.3

Affected products

  • Range: 1.14.0
  • HashiCorp/Vault Enterprisev5
    Range: 1.14.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.